1
00:00:01,000 --> 00:00:07,090
Now that we had a basic overview on Qubes as an operating system, in this lecture we're going to dive

2
00:00:07,090 --> 00:00:07,680
deeper.

3
00:00:07,780 --> 00:00:13,630
We're going to learn about the structure of the operating system and how to launch different applications

4
00:00:13,720 --> 00:00:15,800
and use them in a secure manner.

5
00:00:16,660 --> 00:00:23,180
So in the previous lecture I said we can access all the applications from the top left menu in here.

6
00:00:23,260 --> 00:00:29,190
Other than the tools, like I said, each entry in here is actually a virtual machine.

7
00:00:29,260 --> 00:00:35,920
And then each one of these virtual machines contains different applications that you might want to use.

8
00:00:36,010 --> 00:00:42,550
Now, like we said before, basically a virtual machine is another completely separate operating system

9
00:00:42,790 --> 00:00:48,360
that runs within our current operating system within this computer right here.

10
00:00:48,370 --> 00:00:55,110
So each one of these entries in here is another operating system and hence the name virtual machine.

11
00:00:55,180 --> 00:00:58,480
It is as if it's a completely different computer.

12
00:00:58,480 --> 00:01:00,170
It has its own storage.

13
00:01:00,220 --> 00:01:04,120
It has its own RAM, its own CPU, its own resources.

14
00:01:04,120 --> 00:01:12,520
And therefore this implementation is very very secure because none of these virtual machines can communicate

15
00:01:12,610 --> 00:01:13,580
with each other.

16
00:01:13,600 --> 00:01:19,750
So if one of them gets hacked or an application that is stored in one of these virtual machines gets

17
00:01:19,750 --> 00:01:22,800
hacked, it will not be able to compromise

18
00:01:22,870 --> 00:01:25,470
the other virtual machines.

19
00:01:25,780 --> 00:01:30,360
Now you'll notice there are different types of virtual machines in here.

20
00:01:30,370 --> 00:01:35,980
We have disposable virtual machines, domain, service and template.

21
00:01:36,010 --> 00:01:40,340
These disposable virtual machines are amnesiac virtual machines.

22
00:01:40,360 --> 00:01:47,500
So these machines are designed to be used to run untrusted files or files that you think might be malware

23
00:01:47,500 --> 00:01:53,890
or viruses, because once you run these files and then even if these machines get hacked, the virus or

24
00:01:53,890 --> 00:01:59,500
the backdoor cannot move or the hacker cannot move and compromise other machines because, like we said,

25
00:01:59,500 --> 00:02:02,230
everything is a completely separate machine.

26
00:02:02,230 --> 00:02:08,590
Not only that, once you turn off this disposable machine everything that was stored on it, including the

27
00:02:08,590 --> 00:02:10,870
virus or the backdoor, will be removed.

28
00:02:10,870 --> 00:02:16,290
So when you start it again, it will start a completely brand new machine.

29
00:02:16,300 --> 00:02:21,780
Next we have the domain virtual machines and you can see these have different colors.

30
00:02:21,820 --> 00:02:28,560
And the idea of these machines are normal computers or normal virtual machines that can be used for

31
00:02:28,570 --> 00:02:29,690
normal usage.

32
00:02:29,740 --> 00:02:35,080
So you have one that's called personal; you should use this for whatever personal use you use a computer

33
00:02:35,080 --> 00:02:41,380
for, for listening to music, watching YouTube, watching my videos, whatever you usually do on a personal

34
00:02:41,380 --> 00:02:45,230
computer where you have an untrusted domain.

35
00:02:45,250 --> 00:02:51,610
This is a virtual machine that is designed for you to do untrusted things, for example doing the normal

36
00:02:51,610 --> 00:02:52,350
web browsing.

37
00:02:52,360 --> 00:02:57,420
If you are searching for something and you're not sure if you're going to land in an untrusted website

38
00:02:57,610 --> 00:03:04,390
then you can use this untrusted machine. Don't open your email or any accounts on this because it's untrusted,

39
00:03:04,570 --> 00:03:08,580
you're going to be doing untrusted tasks and opening untrusted websites.

40
00:03:08,590 --> 00:03:14,530
Therefore even if this machine gets hacked your personal data on your personal computer will not be

41
00:03:14,530 --> 00:03:20,820
compromised because they are two completely separate virtual machines.

42
00:03:20,970 --> 00:03:28,320
We have a vault domain and this domain is a virtual machine that is not connected to the Internet and

43
00:03:28,320 --> 00:03:35,400
the whole idea of this is you store your most important and more secretive files or data, so you can

44
00:03:35,400 --> 00:03:41,040
store your secret keys, you can store your passwords, you can store documents that are very important

45
00:03:41,130 --> 00:03:43,710
and you can't risk them being leaked.

46
00:03:43,710 --> 00:03:47,320
And again the whole idea is this is not even connected to the Internet.

47
00:03:47,400 --> 00:03:51,820
And it's a completely separate computer, completely separate virtual machine.

48
00:03:51,960 --> 00:03:58,210
Therefore it is very very very difficult or next to impossible to hack into.

49
00:03:58,230 --> 00:04:00,390
Finally we have a work domain.

50
00:04:00,450 --> 00:04:06,840
Again this is just another virtual machine that is designed for you to use for your work tasks, so you

51
00:04:06,840 --> 00:04:08,550
can open your work e-mail,

52
00:04:08,550 --> 00:04:09,410
you can do,

53
00:04:09,410 --> 00:04:10,800
you can log into your work,

54
00:04:10,800 --> 00:04:13,920
if your work needs you to log into a certain platform.

55
00:04:13,920 --> 00:04:17,100
And again this is a completely separate virtual machine.

56
00:04:17,100 --> 00:04:22,680
So if any of the other machines get compromised, your work, whatever you have in this virtual machine,

57
00:04:22,860 --> 00:04:29,960
will not be compromised because it is a completely separate virtual machine, a completely separate computer.

58
00:04:29,970 --> 00:04:36,360
Now this whole idea of separation between domains and between virtual machines is what Qubes is made

59
00:04:36,360 --> 00:04:39,310
of, is what Qubes is designed to do.

60
00:04:39,420 --> 00:04:43,110
And even if you think this is a little bit vague don't worry about it.

61
00:04:43,140 --> 00:04:47,610
I'm going to give you examples in the next lecture where I'm going to have different virtual machines

62
00:04:47,850 --> 00:04:54,190
and the whole idea will become very very clear. Other than the domain virtual machines,

63
00:04:54,190 --> 00:04:57,160
we have a number of service virtual machines.

64
00:04:57,160 --> 00:05:01,660
Now these are virtual machines designed to carry out system services.

65
00:05:01,660 --> 00:05:07,120
So even though these are virtual machines you don't usually use them to carry out different tasks.

66
00:05:07,120 --> 00:05:11,380
So we don't use them to access the Internet or we don't use them to store files.

67
00:05:11,380 --> 00:05:16,860
The idea of these virtual machines is to provide services for the operating system.

68
00:05:17,020 --> 00:05:21,900
For example this firewall right here is literally the operating system firewall.

69
00:05:21,970 --> 00:05:28,060
But to improve the security of the operating system the whole firewall is stored in a completely separate

70
00:05:28,060 --> 00:05:29,470
virtual machine.

71
00:05:29,470 --> 00:05:36,520
Same goes for this net system that is basically a virtual machine that is designed to encapsulate your

72
00:05:36,520 --> 00:05:37,250
networking,

73
00:05:37,270 --> 00:05:39,220
the networking of this computer.

74
00:05:39,220 --> 00:05:45,460
So if for any reason if someone manages to exploit your networking it will be very difficult for them

75
00:05:45,460 --> 00:05:50,860
to escalate their privileges and gain access to the other virtual machines.

76
00:05:50,860 --> 00:05:55,470
We also have another networking virtual machine which is the sys-whonix.

77
00:05:55,540 --> 00:06:01,630
This is the Whonix Gateway which basically forces all traffic to go through the Tor network and we'll

78
00:06:01,630 --> 00:06:06,940
see how we can configure virtual machines to use this gateway and basically we'll have an operating

79
00:06:06,940 --> 00:06:15,150
system very similar to Tails. And finally we have a number of template virtual machines.

80
00:06:15,150 --> 00:06:21,600
These are machines that the other virtual machines such as the domain virtual machines right here are

81
00:06:21,600 --> 00:06:22,500
based off.

82
00:06:23,460 --> 00:06:30,420
So for example the work virtual machine and the personal virtual machine are both templates of the Fedora

83
00:06:30,450 --> 00:06:32,070
30 virtual machine.

84
00:06:32,580 --> 00:06:39,210
So if you update the Fedora 30 virtual machine right here or install Pidgin on it, automatically personal

85
00:06:39,270 --> 00:06:43,620
and work, because they are based on this template, on the Fedora,

86
00:06:43,620 --> 00:06:49,860
they will automatically get updated and they will automatically get Pidgin, and we'll talk about that

87
00:06:49,920 --> 00:06:52,950
in more details later on.

88
00:06:52,950 --> 00:06:57,900
Now I know I spoke about a lot of different types of virtual machines and domains.

89
00:06:57,900 --> 00:07:02,550
Don't get confused and don't worry, we will be using them a lot in the next lectures.

90
00:07:02,640 --> 00:07:08,400
And as we use them the difference will become clearer and you will find it very very easy to understand.

91
00:07:09,150 --> 00:07:15,330
The main idea to keep in mind is the only virtual machines that you will actually be using for your

92
00:07:15,330 --> 00:07:21,570
day-to-day use are the domain virtual machines, the ones that are colored in here and start with the word

93
00:07:21,570 --> 00:07:22,820
domain.

94
00:07:22,830 --> 00:07:28,860
Everything else is either a service virtual machine, so it's running a system service, or a template virtual

95
00:07:28,860 --> 00:07:29,250
machine,

96
00:07:29,310 --> 00:07:33,050
so it's a virtual machine which the domains are based off.